Improper Handling of Exceptional Conditions in Fortinet Products
CVE-2024-26008

5 MEDIUM

Key Information:

Vendor

Fortinet

CVE Published:
14 October 2025

What is CVE-2024-26008?

An improper check or handling of exceptional conditions in specific versions of Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager can be exploited by an unauthenticated attacker. By sending crafted SSL-encrypted TCP requests, an attacker may force a reset of the fgfm connection, potentially disrupting service or leading to unauthorized access.

Affected Version(s)

FortiOS 7.4.0 through 7.4.3

FortiOS 7.2.0 through 7.2.7

FortiOS 7.0.0 through 7.0.17

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
